Check out all the on-demand sessions from the Intelligent Security Summit here.

F5 today unveiled a major new addition to its security suite with the launch of F5 Distributed Cloud Services, which CEO François Locoh-Donou says should underscore the difference between the company’s approach to application security versus competitors.

The new platform will include multiple solutions for securing applications — the first of which is the F5 Distributed Cloud WAAP (Web Application and API Protection) offering. The offering combines capabilities from F5’s solutions for web application firewall (WAF) and distributed denial of service (DDoS) protection, with API security from the company’s acquisition of Volterra and bot protection from its acquisition of Shape Security.

“It’s basically a bundled stack of all the things you need to secure an application,” Locoh-Donou said in an interview with VentureBeat. “For a lot of CIOs, securing the front door of applications is the No. 1 issue.”

Going forward, F5 plans to integrate capabilities for cloud workload protection from its acquisition of Threat Stack to the Distributed Cloud WAAP solution, he said.


Intelligent Security Summit On-Demand

Learn the critical role of AI & ML in cybersecurity and industry specific case studies. Watch on-demand sessions today.

Watch Here

Multicloud focus

Also generally available as part of the Distributed Cloud Services platform is a solution for multicloud networking, which is based on the acquisition of Volterra as well. The solution aims to simplify the now-common practice of using multiple cloud environments to run applications.

The multicloud solution has “packaged up all the networking and security issues of applications in one single offering so that you can deploy your apps to different environments — and basically, they behave logically as if they were in the same place,” Locoh-Donou said. “But you don’t have to worry about networking and security issues.”

When it comes to multicloud, 92% of enterprises have a strategy for multicloud deployment, while 80% have a strategy for hybrid cloud, according to a report from Flexera. The new F5 platform advances the company’s mission of helping enterprises to reduce the complexity of securing applications in this multicloud and hybrid cloud world, Locoh-Donou said.

While the company has expanded beyond hardware in a big way over the past five years — software revenue now makes up 47% of F5’s product sales — the company’s ability to meet enterprise application needs in both on-premises and cloud environments is a key differentiator, according to Locoh-Donou.

“If I have five different security solutions in each of these five different environments — well, when a Log4j vulnerability happens, I then have to look at the threat surface differently in each of these areas, and change my security posture in each of these areas. And it’s a huge amount of complexity,” he said.

Therefore, the approach F5 has taken is that “we are infrastructure agnostic. We are agnostic to all these platforms. We’re going to give you a software security solution, or a service, that deploys in all these environments, and you can manage centrally,” Locoh-Donou said. “And when there is a change — when there is a new threat vector or a new threat pattern, when there is a new Log4j vulnerability — centrally, you can deploy a new policy to all these locations that blocks all of these attacks.”

“And that is unique,” he said. “Supporting distributed applications and being able to distribute our security — and abstracting the complexity of these different infrastructure environments from our customers — really is unique.”

Advantages over startups

In particular, this approach distinguishes F5 from startups in the application security market, Locoh-Donou said. While F5 has a natural advantage over smaller players by having 20,000 customers — including the “vast majority” of Fortune 500 companies — “the biggest advantage is that we can we can serve customers’ needs in any form factor that they need,” he said.

F5 can offer “packaged hardware on-prem, packaged software on-prem or in the public cloud, software-as-a-service now with this launch. And managed services, if you want managed services on top of that,” Locoh-Donou said. “And so regardless of the way in which an enterprise wants to consume the technology, F5 is the only company that can deliver that technology to them in the form factor [they want].”

This is crucial because the reality is that most large enterprises “don’t have a single consumption need,” he said. “They need hardware for some of their applications — they want to physically see the box and where it sits in the private [data] center. And then for some applications, they don’t have the resources to go manage the long tail of applications. They want [software-as-a-service] SaaS — and maybe SaaS is in the public cloud or SaaS is distributed.”

Some of the new startups in the application security space “are great companies [that are] doing well — but all they offer is SaaS,” Locoh-Donou said. “It’s great to be born in the cloud and offer SaaS. But when you’re talking about the largest 10,000 enterprises in the world, that’s [only] one of the ways they will consume things. And this fallacy, this mythology that has existed in the industry — that ‘everything’s going to go to SaaS,’ or ‘everything’s going to go to cloud and on-prem is going to die’ — the last five years have proven that that’s just yet another fad.”

Instead, the largest enterprises are leveraging some public cloud and multicloud, keeping some things on-premise, and even repatriating some applications back from the cloud, he said.

Enterprises are “doing all these things. And so, we’re going to live in this world of distributed applications. We’re going to live in a world of multiple environments. We’re going to live in a world of multiple consumption factors of the technology,” Locoh-Donou said. “And F5 — in our space of applications and security, we are essentially the one player that can serve all these form factors. And I think that is a huge advantage when you’re talking about large enterprises.”

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.